const assert = require('http-assert');

//中间件- 验证token返回id
module.exports = (app, powerArr) => async (req, res, next) => {
    const token = String(req.headers.authorization || '').split(' ').pop();
    assert(token, 407, '请登录') //没有token
    const { id } = require("jsonwebtoken").verify(token, app.get('token'))
    const Users = require('../models/User')
    assert(id, 407, '请登录') //没有token
    req.user = await Users.findById(id);
    assert(req.user, 407, '请登录。')
    let iflag = powerArr.indexOf(req.user.power) != -1
    assert(iflag, 408, '没有权限')
    next()
}
